MuSig is a family of protocols for aggregating public keys and signatures. It includes MuSig (also called MuSig1), MuSig2 and MuSig-DN. Key and signature aggregation makes multisignature transactions cheaper and more private.
Questions tagged [musig]
30 questions
14
votes
1 answer
MuSig Signature Interactivity
2 Questions:
Why is MuSig signing always interactive?
Let's say I have a MuSig wallet where keys are stored in secure locations with no internet access. What are some methods to sign from these secure, offline locations given MuSig interactivity…
justinmoon
11
votes
2 answers
How could Schnorr signatures be aggregated across the whole transaction?
I am studying the MuSig protocol and am having trouble grasping certain segments. This is my understanding thus far:
In current Bitcoin CHECKMULTISIG format, the size of the signature grows linearly with the number of additional "m" signers. The way…
Jayyy777
8
votes
1 answer
Possible number of signers with MuSig
With multisig, up to 20 signatures may be used in a threshold signature scheme (What are the limits of m and n in m-of-n multisig addresses?).
As far as I understand, there should be no hard-coded limit with MuSig, as to the blockchain every scheme…
Dalit Sairio
6
votes
1 answer
Does MuSig have the same security as 2-2 multisig?
Disclaimer: This question is of theoretical importance to me trying to educate myself better on cryptographic principles and signature schemes. I don't intend to imply that in practice Schnorr signatures are less secure than current 2-2 multisig…
Rene Pickhardt
6
votes
1 answer
What is the difference between key aggregation and signature aggregation?
What is the difference between key aggregation (e.g. MuSig) and signature aggregation?
Many people (including myself) have in the past used these terms interchangeably. Why is it important to be careful to use the correct term in its correct…
Michael Folkson
4
votes
0 answers
How does Schnorr signature construct multisig functionality?
How does the multiparty Schnorr signature work and enable multisig functionality in Bitcoin?
What are its limitations? Can we construct any m of n signature?
Is there any way to hide the signers among the participants?
*I specifically would like to…
abeikverdi
3
votes
1 answer
Which MuSig scheme is optimal? Classic MuSig or this new MuSig-DN scheme?
Now we have two competing MuSig schemes, which is better? Classic MuSig or MuSig-DN? Which use case(s) might choose classic MuSig over MuSig-DN and vice versa?
Michael Folkson
3
votes
1 answer
Is Z-man's PTLC construction implementable using libsecp256k1-zkp?
In a mailing list post Z-man details a PTLC construction which he claims "is almost entirely a MuSig ritual". My question is whether this MusigTweak is what is called the adaptor (last argument of secp256k1_musig_session_combine_nonces) in…
Janus Troelsen
3
votes
1 answer
MuSig2 with BIP-32 style nonce chain
I am interested in the case where a fixed pool of signers will sign a series of many messages. As I understand it, MuSig2 would allow pre-processing, whereby a signature aggregator could collect a list of public nonce pairs from each signer in…
user1055568
3
votes
1 answer
How do the various Lightning implementations treat latency? How long do they wait for a peer to provide a signature before using unhappy path?
Rene Pickhardt brought up the problem of latency on the Lightning Network in this answer on using nested (or "recursive") MuSig2 or FROST when providing a signature within an existing Lightning channel or to cooperatively close a Lightning…
Michael Folkson
2
votes
1 answer
Who will the first adopters of Taproot be (assuming it is activated at some stage)? What incentives are there to start using it straight away?
Adoption of SegWit by users and companies after it was activated was slow. Should we expect adoption of Taproot to be slow also (assuming it is activated at some stage)?
Who will the first adopters of Taproot be? What incentives are there for users…
Michael Folkson
2
votes
2 answers
Can you do P2WSH / P2SH on Lightning Network (LN)?
I understand that a channel is a 2 of 2 multisig:
1 && 1
Is it possible that one side of this channel is a multisig wallet?
So in essence one of the 2 main, is actually a 2 of 3 multisig. This would be:
( 2 of 3 ) && 1
If the other side was also…
miketery
2
votes
1 answer
Where can I get some MuSig2 test vectors?
I am writing a MuSig2 library and need some test vectors. This should include the hash functions used.
Jimmy Song
2
votes
1 answer
How to spend a taproot output using key path with a threshold signature scheme when the secret key is never computed?
In taproot, in order to spend the keypath, the transaction must be signed using the tweaked private key instead of the normal private key (as defined in BIP 341).
However, when computing a signature using a threshold signature scheme, the secret is…
sa8
2
votes
1 answer
Using key aggregation (multisig) in P2TR script path spends
I know that it is possible to create a 2-2 multisig using Taproot by combining both private keys into one public key and defining that as the key path spend. I also know that it is possible to use Tapscript to do the same thing with a script path…
Hellwerker